Remove server.tomcat.reject-illegal-header

Closes gh-42731

Author: mhalbritter

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java

@@ -489,13 +489,6 @@ public static class Tomcat {
 		 */
 		private Duration connectionTimeout;
 
-		/**
-		 * Whether to reject requests with illegal header names or values.
-		 * @deprecated since 2.7.12 for removal in 3.3.0
-		 */
-		@Deprecated(since = "2.7.12", forRemoval = true) // Remove in 3.3
-		private boolean rejectIllegalHeader = true;
-
 		/**
 		 * Static resource configuration.
 		 */
@@ -652,17 +645,6 @@ public void setConnectionTimeout(Duration connectionTimeout) {
 			this.connectionTimeout = connectionTimeout;
 		}
 
-		@Deprecated(since = "3.2.0", forRemoval = true)
-		@DeprecatedConfigurationProperty(reason = "The setting has been deprecated in Tomcat", since = "3.2.0")
-		public boolean isRejectIllegalHeader() {
-			return this.rejectIllegalHeader;
-		}
-
-		@Deprecated(since = "3.2.0", forRemoval = true)
-		public void setRejectIllegalHeader(boolean rejectIllegalHeader) {
-			this.rejectIllegalHeader = rejectIllegalHeader;
-		}
-
 		public Resource getResource() {
 			return this.resource;
 		}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java

@@ -145,8 +145,6 @@ public void customize(ConfigurableTomcatWebServerFactory factory) {
 			.as(this::joinCharacters)
 			.whenHasText()
 			.to((relaxedChars) -> customizeRelaxedQueryChars(factory, relaxedChars));
-		map.from(properties::isRejectIllegalHeader)
-			.to((rejectIllegalHeader) -> customizeRejectIllegalHeader(factory, rejectIllegalHeader));
 		customizeStaticResources(factory);
 		customizeErrorReportValve(this.serverProperties.getError(), factory);
 	}
@@ -219,16 +217,6 @@ private void customizeRelaxedQueryChars(ConfigurableTomcatWebServerFactory facto
 		factory.addConnectorCustomizers((connector) -> connector.setProperty("relaxedQueryChars", relaxedChars));
 	}
 
-	@SuppressWarnings("deprecation")
-	private void customizeRejectIllegalHeader(ConfigurableTomcatWebServerFactory factory, boolean rejectIllegalHeader) {
-		factory.addConnectorCustomizers((connector) -> {
-			ProtocolHandler handler = connector.getProtocolHandler();
-			if (handler instanceof AbstractHttp11Protocol<?> protocol) {
-				protocol.setRejectIllegalHeader(rejectIllegalHeader);
-			}
-		});
-	}
-
 	private String joinCharacters(List<Character> content) {
 		return content.stream().map(String::valueOf).collect(Collectors.joining());
 	}

spring-boot-project/spring-boot-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -361,6 +361,12 @@
         "level": "error"
       }
     },
+    {
+      "name": "server.tomcat.reject-illegal-header",
+      "deprecation": {
+        "level": "error"
+      }
+    },
     {
       "name": "server.undertow.buffers-per-region",
       "type": "java.lang.Integer",

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java

@@ -142,7 +142,6 @@ void testTomcatBinding() {
 		assertThat(tomcat.getRemoteip().getProtocolHeader()).isEqualTo("X-Forwarded-Protocol");
 		assertThat(tomcat.getRemoteip().getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
 		assertThat(tomcat.getRemoteip().getTrustedProxies()).isEqualTo("proxy1|proxy2|proxy3");
-		assertThat(tomcat.isRejectIllegalHeader()).isFalse();
 		assertThat(tomcat.getBackgroundProcessorDelay()).hasSeconds(10);
 		assertThat(tomcat.getRelaxedPathChars()).containsExactly('|', '<');
 		assertThat(tomcat.getRelaxedQueryChars()).containsExactly('^', '|');
@@ -422,13 +421,6 @@ void tomcatInternalProxiesMatchesDefault() {
 			.isEqualTo(new RemoteIpValve().getInternalProxies());
 	}
 
-	@Test
-	@SuppressWarnings("removal")
-	void tomcatRejectIllegalHeaderMatchesProtocolDefault() throws Exception {
-		assertThat(getDefaultProtocol()).hasFieldOrPropertyWithValue("rejectIllegalHeader",
-				this.properties.getTomcat().isRejectIllegalHeader());
-	}
-
 	@Test
 	void tomcatUseRelativeRedirectsDefaultsToFalse() {
 		assertThat(this.properties.getTomcat().isUseRelativeRedirects()).isFalse();